January 16, 2007, at 02:52 AM
by ben -- added link to SingleInterfaceFirewall

Changed lines 358-360 from:

An introduction to some advanced iptables configuration can be found in the Gentoo Security Handbook. Note that the example firewall script needs modification to run in Openslug, at least partially because the Gentoo init script system is not used by Openslug, and that you will need to install many more iptables kernel modules than the above two!

to:

An introduction to some advanced iptables configuration can be found in the Gentoo Security Handbook. Note that the example firewall script needs modification to run in Openslug, at least partially because the Gentoo init script system is not used by Openslug, and that you will need to install many more iptables kernel modules than the above two!

August 17, 2005, at 03:54 PM
by blaster8 -- Adding a warning about editing the firewall after the init scripts are in place

Changed line 7 from:

1) Edit the firewall rules to suit your configuration\\

to:

1) Edit the firewall rules to suit your configuration, and make the script executable (chmod 755)\\
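
Review bot: The added "make the script executable (chmod 755)" in step 1 names no file and comes before step 2, which copies the script to /etc/firewall. Consider moving it to after the copy and writing it out as chmod 755 /etc/firewall, so the mode is set on the file that step 3 actually runs.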

Changed lines 11-12 from:

5) If you are sure you want to make the rules permanent, run ln -s /etc/firewall /etc/init.d/firewall ; update-rc.d firewall defaults 05

to:

5) If you are sure you want to make the rules permanent, run ln -s /etc/firewall /etc/init.d/firewall ; update-rc.d firewall defaults 056) If you want to edit the firewall rules at a later date, make sure that you update-rc.d -f firewall remove before changing /etc/firewall. Then test the firewall again as above, and if satisfied, re-run update-rc.d firewall defaults 05 to run the firewall by default on startup.
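
Review bot: The new step 6 is joined to the end of step 5, so the priority reads as "defaults 056)" instead of "defaults 05"; put step 6 on its own line with the same \\ break that step 1 uses. It would also help to say why the removal comes first: step 5 makes /etc/init.d/firewall a symlink to /etc/firewall, so an untested edit would otherwise be applied at the next startup.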

This allows you to set up a simple packet filtering (not stateless!) firewall. To add extra functionality, extra kernel modules need to be installed (currently modules to add connection tracking and NAT are available, but have not been heavily tested. If you want to help test connection tracking functionality and secure you box a bit better, visit [IptablesConnTrack]).

to:

This allows you to set up a simple packet filtering (not stateless!) firewall. To add extra functionality, extra kernel modules need to be installed (currently modules to add connection tracking and NAT are available, but have not been heavily tested. If you want to help test connection tracking functionality and secure you box a bit better, visit IptablesConnTrack).

This allows you to set up a simple packet filtering (not stateless!) firewall. To add extra functionality, extra kernel modules need to be installed (currently modules to add connection tracking and NAT are available, but have not been heavily tested).

An example firewall script can be found below. This firewall script is dual purpose - it can be used to test the firewall, and it also can be used as a permanent init script if you are satisfied with it, and are sure that it will not lock you out of SSH access. Currently, having the firewall being configured by a purpose-built init script, as below, without using iptables-utils, is the recommended method.

to:

This allows you to set up a simple packet filtering (not stateless!) firewall. To add extra functionality, extra kernel modules need to be installed (currently modules to add connection tracking and NAT are available, but have not been heavily tested. If you want to help test connection tracking functionality and secure you box a bit better, visit [IptablesConnTrack]).

An basic example packet-filtering firewall script can be found below. This firewall script is dual purpose - it can be used to test the firewall, and it also can be used as a permanent init script if you are satisfied with it, and are sure that it will not lock you out of SSH access. Currently, having the firewall being configured by a purpose-built init script, as below, without using iptables-utils, is the recommended method.
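
Review bot: Two wording slips in the new text: "An basic example" should be "A basic example", and "secure you box" should be "secure your box". The parenthesis opened at "(currently modules" also swallows a full sentence; closing it after "heavily tested" and letting the IptablesConnTrack invitation stand as its own sentence would read better.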

Much of this info has been adapted from the EnableFirewall page, including the script (though it has been heavily modfied).

to:

Much of this info has been adapted from the EnableFirewall page, including the script (though it has been heavily modfied).

An introduction to some advanced iptables configuration can be found in the Gentoo Security Handbook. Note that the example firewall script needs modification to run in Openslug, at least partially because the Gentoo init script system is not used by Openslug, and that you will need to install many more iptables kernel modules than the above two!
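
Review bot: "modfied" in the EnableFirewall credit is a typo for "modified"; since that paragraph is being touched anyway, fix it in the same edit.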

An example firewall script can be found below. This firewall script is dual purpose - it can be used to test the firewall, and it also can be used as a permanent init script if you are satisfied with it, and are sure that it will not lock you out of SSH access.

to:

An example firewall script can be found below. This firewall script is dual purpose - it can be used to test the firewall, and it also can be used as a permanent init script if you are satisfied with it, and are sure that it will not lock you out of SSH access. Currently, having the firewall being configured by a purpose-built init script, as below, without using iptables-utils, is the recommended method.
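
Review bot: The added sentence recommends the purpose-built init script over iptables-utils but gives no reason, and "having the firewall being configured by" is hard to read. Suggest "Configuring the firewall from a purpose-built init script, as below, without using iptables-utils, is currently the recommended method", followed by a short clause saying why.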

August 15, 2005, at 04:59 PM
by blaster8 -- added note about new kernel modules

Changed lines 3-4 from:

This allows you to set up a simple packet filtering (not stateless!) firewall. To add extra functionality, extra kernel modules need to be installed.

to:

This allows you to set up a simple packet filtering (not stateless!) firewall. To add extra functionality, extra kernel modules need to be installed (currently modules to add connection tracking and NAT are available, but have not been heavily tested).
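
Review bot: The parenthetical "(not stateless!)" conflicts with the clause added here, which says connection tracking is only available through extra kernel modules: a packet filter without connection tracking is stateless. It should probably read "(not stateful!)".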

1) Edit the firewall rules to suit your configuration
2) Copy it to /etc/firewall
3) Run with /etc/firewall start to test
4) Test SSH by exiting the shell and reconnecting. If this fails, reboot Openslug to clear the rules and reconfigure.
5) If you want to make the rules permanent, run ln -s /etc/firewall /etc/init.d/firewall

to:

1) Edit the firewall rules to suit your configuration2) Copy it to /etc/firewall3) Run with /etc/firewall start to test4) Test SSH by exiting the shell and reconnecting. If this fails, reboot Openslug to clear the rules and reconfigure.5) If you want to make the rules permanent, run ln -s /etc/firewall /etc/init.d/firewall && FIXME Add /etc/init.d/firewall to every runlevel at about S30
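
Review bot: In step 5 the placeholder "&& FIXME Add /etc/init.d/firewall to every runlevel at about S30" sits directly after the ln -s command, so a reader copying the line would paste "&& FIXME ..." into the shell. Move the FIXME out of the command text, or replace it with the actual runlevel command once it is known. The five steps have also lost their line breaks ("configuration2)", "/etc/firewall3)"), so each needs its own line again.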

An example firewall script can be found below. This firewall script is dual purpose - it can be used to test the firewall, and to setup a permanent init script if you are satisfied with it, and are sure that it will not lock you out of SSH access.

to:

An example firewall script can be found below. This firewall script is dual purpose - it can be used to test the firewall, and it also can be used as a permanent init script if you are satisfied with it, and are sure that it will not lock you out of SSH access.

1) Edit the firewall rules to suit your configuration
2) Copy it to /etc/firewall
3) Run with /etc/firewall start to test
4) Test SSH by exiting the shell and reconnecting. If this fails, reboot Openslug to clear the rules and reconfigure.
5) If you want to make the rules permanent, run ln -s /etc/firewall /etc/init.d/firewall

An example firewall script can be found below. This firewall script is dual purpose - it can be used to test the firewall, and to setup a permanent init script if you are satisfied with it, and are sure that it will not lock you out of SSH access.